Skyrocketing cryptocurrency bug bounties expected to lure top hacking talent


As high-stakes cryptocurrency and blockchain projects proliferate and soar in value, it’s no surprise that malicious actors were enticed to steal $14 billion in cryptocurrency during 2021 alone. The frantic pace of cryptocurrency thefts is continuing into 2022.

In January, thieves stole $30 million in currency from Crypto.com and $80 million in cryptocurrency from Qubit Finance. February started with the second-largest decentralized finance (DeFi) theft to date when a hacker exploited a token exchange bridge in Wormhole to steal $320 million worth of Ethereum.

The largest cryptocurrency hack so far took place last August when blockchain interoperability project Poly Network suffered a hack that resulted in a loss of over $600 million. In an unusual move, Poly unsuccessfully attempted to publicly negotiate a post-theft “bug bounty” of $500,000 with the hacker in exchange for returning the $600 million, a bounty worth six times more than that typically offered in traditional cryptocurrency bug bounty programs.

$2 million paydays set the pace

With so much money at stake, at least $3 trillion by some calculations in late 2021, it’s also not surprising that bona fide bug bounties in the cryptocurrency sector are skyrocketing. A week ago, noted white-hat hacker Jay Freeman announced that he earned a $2,000,042 bug bounty from Ethereum layer-2 scaling project Optimism for discovering a bug that would have allowed an attacker to print an arbitrary quantity of tokens.

Freeman is not alone in generating a $2 million payday from a cryptocurrency bounty. Gerhard Wagner submitted a critical vulnerability last October that affected the Polygon Plasma Bridge, which put $850 million at risk, earning a $2 million bounty in the process. In December, another critical vulnerability in Polygon, which put $18 billion at risk, generated a $2.2 million bounty for white-hat Leon Spacewalker. Both of these bounties were paid via Web3 bug bounty platform Immunefi.

On the same day Freeman’s bounty was made public, Ethereum-based protocol MakerDAO announced a maximum $10 million reward through Immunefi for white-hat hackers who point out legitimate security threats in…
